Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

InstallShield Update Service Scheduler (ISUSPM.EXE) problems


  • Please log in to reply
9 replies to this topic

#1 Tabarnako

Tabarnako

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 23 December 2017 - 02:43 PM

Hi! This is my first time posting here and I'm desperate to solve my issue. So about a month ago I started noticing some serious browser delays while loading pages. At first the problem was really slight but got worst and worst. After a few weeks I started to notice that the EXE "InstallShield Update service scheduler" started to crash and when it did It completly blocked my internet connection. All those problems only happened while browsing the web as games and VoIP exe worked properly. Of course I tried multiple web browser with the exact same issue. pages taking over 30s to load (even google.com). Got tired of fighting since no Anti-Malware seemed to find any virus on my computer.

 

Last week I finaly decided to format my PC. For the first week everything went smoothly and I was absolutely sure that my problem was solved. Unfortunately the problem came back and once again is getting worst and worst. The ISUSPM.EXE crashes frequently, my internet connection while browsing is awefull (did all the speed test and the connection itself is 100% fine) and when it crashed I can't use internet anymore. 

 

I tried a few topics here and there without luck. Please help me solve my issue!

 

Also to note is that the issue doesn't happen at all in SafeMode, everything is 100% fine when in SafeMode.

 

Best regards,

 

Gabriel

 

Edit: When the program crashes it cut my whole internet connection (all app or functions included), sorry it has not been clear :)

 

Edit2: When I say that pages takes a while to load I always see "Waiting for proxy tunel" at the bottom of my browser


Edited by Tabarnako, 23 December 2017 - 03:00 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,397 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:28 AM

Posted 23 December 2017 - 04:00 PM

Read the info in the link below if you haven't done so. Several suggestions on how to fix the "Waiting for proxy tunnel." I

think you left out one "n"....tunnel...not tunel.

Fix Waiting for proxy tunnel issue in Chrome browser

 

Let me know if you were able to resolve the slow loading of web pages after following some suggestions on that web page.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Tabarnako

Tabarnako
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 23 December 2017 - 11:07 PM

Ok so I have tried some solutions of the above without any luck. Nothing changed. Again I'm wondering why the issue (lag and InstallShield) are not here when booting in safe mode? That makes me assume that both problems are either the same problem or closely related? I could be wrong but so far no luck



#4 buddy215

buddy215

  • Moderator
  • 13,397 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:28 AM

Posted 24 December 2017 - 06:24 AM

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends of your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Tabarnako

Tabarnako
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 24 December 2017 - 11:59 AM

Hi! And good Xmass eve!

 

Ok I feel great and stupid at the same time. I can post all you asked without problem but the problem solved itself after a malwarebyte scan wich found 20 threat. If you want me to go ahead for any reason and post all logs that you required I will gladly do it but I wanted to quickly inform you that after the MalwareBytes inspection and removal of those 20 threat my problem is 100% solved, my InstallShield Update Service Scheduler doesn't pop at all time and crash, my internet lag caused by some proxy wizardry is gone and everything runs smoothly.

 

Please let me know if you would like me to post the required logs anyway or if you want to close this thread. Wathever happens I'm so glad we found (as easy at it was....) a solution to my issue :D



#6 buddy215

buddy215

  • Moderator
  • 13,397 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:28 AM

Posted 24 December 2017 - 12:14 PM

If you would post those...as much as for me to help others with the same problem and for those who view your topic looking for solutions to

the same or similar problem...

Merry Xmas to you and yours and thanks!


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Tabarnako

Tabarnako
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 24 December 2017 - 12:27 PM

MalwareBytes Log:

 

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 12/24/17
Scan Time: 11:45 AM
Log File: dd411f8a-e8c9-11e7-a969-704d7b62a72f.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3557
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: DESKTOP-P7HASTS\Gabriel
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270266
Threats Detected: 20
Threats Quarantined: 20
Time Elapsed: 0 min, 30 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 7
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\InstallShield® Update Service Scheduler, Quarantined, [296], [261680],1.0.3557
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ED281054-B27D-4A06-8AA2-8B6E9D255321}, Quarantined, [296], [261680],1.0.3557
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{ED281054-B27D-4A06-8AA2-8B6E9D255321}, Quarantined, [296], [261680],1.0.3557
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPTIMIZE THUMBNAIL CACHE FILES, Quarantined, [296], [328817],1.0.3557
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA575406-CCD3-4D17-BAA1-1AA9B0D31450}, Quarantined, [296], [328817],1.0.3557
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FA575406-CCD3-4D17-BAA1-1AA9B0D31450}, Quarantined, [296], [328817],1.0.3557
 
Registry Value: 11
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2761605222-1044505700-2894018580-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSETTINGSPERUSER, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSETTINGSPERUSER, Quarantined, [296], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ED281054-B27D-4A06-8AA2-8B6E9D255321}|PATH, Quarantined, [296], [261682],1.0.3557
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA575406-CCD3-4D17-BAA1-1AA9B0D31450}|PATH, Quarantined, [296], [328818],1.0.3557
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
Hijack.AutoConfigURL.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\InstallShield® Update Service Scheduler, Quarantined, [296], [261680],1.0.3557
Hijack.AutoConfigURL.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\OPTIMIZE THUMBNAIL CACHE FILES, Quarantined, [296], [328817],1.0.3557
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

 

AdwCleaner Logs:

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 24 17:21:36 2017

# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-23-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

CCleaner Logs: 

 

 

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task MSIAfterburner MICRO-STAR INTERNATIONAL CO., LTD. C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s
Yes Task NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Yes Task NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
Yes Task NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
Yes Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Yes Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Yes Task NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
 

 

So there are the required logs. One weird thing is that this "virus" or "malware" cameback EVEN after a clean wipe and format of my windows. So to anyone out here who's got this issue I suggest posting your own thread since I've found my issue multiples times at multiple locations and all solutions were different. On the other hand if it can help try this method out it's quite simple to do :P

 

Best regards,

 

Gabriel

 

EDIT: Forgot to say that my InstallShield problem AND my "proxy" lag in browsers were solved by the same problem. Another thing to note is when affected by this malware I was unable to change some proxy settings in windows general settings under   SETTINGS / NETWORK & INTERNET / PROXY / "Use proxy server box" was always on and couldn't turn it off. Once malware was removed everything went back to normal.


Edited by Tabarnako, 24 December 2017 - 12:34 PM.


#8 buddy215

buddy215

  • Moderator
  • 13,397 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:28 AM

Posted 24 December 2017 - 12:39 PM

Missing two lists from CCleaner...Windows Startups and Installed programs.

 

Delete this Task: Use CCleaner by clicking on it and choosing Delete on the right.

Yes Task AutoPico Daily Restart @ByELDI "C:\Program Files\KMSpico\AutoPico.exe" /silent

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

If the computer or Graphics card is less than a year old you may want to leave these enabled. Otherwise, I consider them useless and possible spying.

Windows 10 will update NVIDIA Graphics if needed.
 
Yes Task NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Yes Task NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
Yes Task NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
Yes Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Yes Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Yes Task NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 Tabarnako

Tabarnako
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 24 December 2017 - 12:44 PM

CCleaner Startups:

 

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run Discord Discord Inc. C:\Users\Gabriel\AppData\Local\Discord\app-0.0.299\Discord.exe
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Steam Valve Corporation "C:\Jeux\Steam\steam.exe" -silent
Yes HKLM:Run Corsair Utility Engine Corsair Components, Inc. "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe" --autorun
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
Yes HKLM:Run Sonic Studio 3 ASUSTeK COMPUTER INC. "C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe" /start SonicStudioSystray /silent
 

 

 

Yes Directory File ownership

Yes Directory Open PowerShell window here powershell.exe -noexit -command Set-Location -literalPath '%V'
Yes Drive Open PowerShell window here powershell.exe -noexit -command Set-Location -literalPath '%V'
Yes File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
Yes File WinRAR Alexander Roshal C:\Program Files (x86)\WinRAR\rarext64.dll
Yes File WinRAR32 Alexander Roshal C:\Program Files (x86)\WinRAR\rarext.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
Yes Folder WinRAR Alexander Roshal C:\Program Files (x86)\WinRAR\rarext64.dll
Yes Folder WinRAR32 Alexander Roshal C:\Program Files (x86)\WinRAR\rarext.dll
 
EDIT: Also performed suggested task from previous answer

Edited by Tabarnako, 24 December 2017 - 12:45 PM.


#10 buddy215

buddy215

  • Moderator
  • 13,397 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:28 AM

Posted 24 December 2017 - 02:14 PM

These suggested Disablings will reduce memory usage and decrease boot time. Up to you whether to disable or not.

Yes HKCU:Run Discord Discord Inc. C:\Users\Gabriel\AppData\Local\Discord\app-0.0.299\Discord.exe
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Steam Valve Corporation "C:\Jeux\Steam\steam.exe" -silent
Yes HKLM:Run Sonic Studio 3 ASUSTeK COMPUTER INC. "C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe" /start SonicStudioSystray /silent
Yes File WinRAR Alexander Roshal C:\Program Files (x86)\WinRAR\rarext64.dll
Yes File WinRAR32 Alexander Roshal C:\Program Files (x86)\WinRAR\rarext.dll
Yes Folder WinRAR Alexander Roshal C:\Program Files (x86)\WinRAR\rarext64.dll
Yes Folder WinRAR32 Alexander Roshal C:\Program Files (x86)\WinRAR\rarext.dll
 
Did you use a tool similar to the one in link below? The reason for asking is the first three items in your list of posted Startups.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users